containing the LDAP include and lib directories. Please see
README.LDAP for more information.
- --with-ldap-conf-file
+ --with-ldap-conf-file=filename
Path to LDAP configuration file. If specified, sudo reads
this file instead of /etc/ldap.conf to locate the LDAP server.
+ --with-ldap-secret-file=filename
+ Path to LDAP secret password file. If specified, sudo uses
+ this file instead of /etc/ldap.secret to read the secret password
+ when rootbinddn is specified in the ldap config file.
+
--with-aixauth
Enable support for the AIX 4.x general authentication function.
This will use the authentication scheme specified for the user
--with-goons-insults include the insults from the "Goon Show"
--with-ldap[=DIR] enable LDAP support
--with-ldap-conf-file path to LDAP configuration file
+ --with-ldap-secret-file path to LDAP secret pasdword file
--with-pc-insults replace politically incorrect insults with less offensive ones
--with-secure-path override the user's path with a built-in one
--without-interfaces don't try to read the ip addr of ether interfaces
fi;
+# Check whether --with-ldap-secret-file or --without-ldap-secret-file was given.
+if test "${with_ldap_secret_file+set}" = set; then
+ withval="$with_ldap_secret_file"
+
+cat >>confdefs.h <<_ACEOF
+#define _PATH_LDAP_SECRET "$with_ldap_secret_file"
+_ACEOF
+
+fi;
+
# Check whether --with-pc-insults or --without-pc-insults was given.
if test "${with_pc_insults+set}" = set; then
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 6985 "configure"
+#line 6996 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 7083 "configure"
+#line 7094 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
;;
*-*-irix6*)
# Find out which ABI we are using.
- $ECHO '#line 7232 "configure"' > conftest.$ac_ext
+ $ECHO '#line 7243 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7883: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7894: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:7887: \$? = $ac_status" >&5
+ echo "$as_me:7898: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8158: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8169: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:8162: \$? = $ac_status" >&5
+ echo "$as_me:8173: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8255: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8266: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:8259: \$? = $ac_status" >&5
+ echo "$as_me:8270: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8309: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8320: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:8313: \$? = $ac_status" >&5
+ echo "$as_me:8324: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
char *uri;
char *binddn;
char *bindpw;
+ char *rootbinddn;
char *base;
char *ssl;
int tls_checkpeer;
else
MATCH_S("bindpw", ldap_conf.bindpw)
else
+ MATCH_S("rootbinddn", ldap_conf.rootbinddn)
+ else
MATCH_S("sudoers_base", ldap_conf.base)
else
MATCH_I("sudoers_debug", ldap_conf.debug)
}
if (!ldap_conf.base)
return(FALSE); /* if no base is defined, ignore LDAP */
+
+ /* If rootbinddn set, read in /etc/ldap.secret if it exists. */
+ if (ldap_conf.rootbinddn) {
+ if ((f = fopen(_PATH_LDAP_SECRET, "r")) != NULL) {
+ if (fgets(buf, sizeof(buf), f) != NULL) {
+ /* removing trailing newlines */
+ for (c = buf; *c != '\0'; c++)
+ continue;
+ while (--c > buf && *c == '\n')
+ *c = '\0';
+ /* copy to bindpw and binddn */
+ efree(ldap_conf.bindpw);
+ ldap_conf.bindpw = estrdup(buf);
+ efree(ldap_conf.binddn);
+ ldap_conf.binddn = ldap_conf.rootbinddn;
+ ldap_conf.rootbinddn = NULL;
+ }
+ }
+ }
return(TRUE);
}
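Review bot: The stream opened with `fopen(_PATH_LDAP_SECRET, "r")` is never closed in the added block, so a handle on the secret file stays open after the function returns `TRUE`; add `fclose(f);` after the inner `if (fgets(...))` block, still inside the `fopen` branch. The password also stays in the stack buffer `buf` after `estrdup(buf)`, so clearing it once copied (e.g. `memset(buf, 0, sizeof(buf));`, or a zeroing helper the project already has) avoids a second lingering copy of the secret. A failed `fopen` or an empty file is ignored silently, leaving `binddn`/`bindpw` at whatever the config file set; if that fallback is intended it deserves a comment, otherwise a warning. The newline loop stops at `--c > buf`, so a line holding only a newline is not stripped and `bindpw` becomes `"\n"`. The enclosing function begins outside this hunk, so the declarations of `f`, `buf` and `c` and any earlier use of `f` are not visible here.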